Monthly
CAI Content Credentials is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
Illustrator is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
Arbitrary code execution in Adobe Animate 2023 and 2024 arises from an untrusted search path (CWE-426) flaw that lets a malicious file, when opened by a victim, load attacker-controlled code in the context of the current user. The issue was reported by Adobe (advisory APSB26-83), requires user interaction, and carries a CVSS 3.1 base score of 7.9 with a changed scope. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Untrusted search path in Microsoft XML allows an unauthorized attacker to bypass a security feature with a physical attack.
Local privilege escalation in Siemens' IAM Client SDK, a shared authentication component bundled across a wide range of Siemens engineering and PLM products (Solid Edge, Teamcenter Visualization, Simcenter, Tecnomatix, COMOS, Designcenter NX), allows an authenticated local user to load attacker-controlled code through an untrusted search path (CWE-426) and gain elevated privileges. The flaw carries a CVSS 4.0 base score of 8.5 and requires only low local privileges with no user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Local privilege/code manipulation in B&R Industrial Automation's APROL process control system (all versions before R 4.4-01P5) arises from an untrusted search path (CWE-426), allowing a low-privileged local user to plant a malicious executable or library that the application loads from an attacker-influenced directory. Successful exploitation yields high confidentiality and integrity impact on the affected engineering/operator station. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the CVSS 4.0 base score is 8.4 (High).
Local privilege escalation in the Notepad++ Windows installer (versions 8.9.4 through 8.9.5) lets an unprivileged local attacker gain the elevated privileges of the installer by planting a malicious powershell.exe. Because the installer calls powershell.exe by name (not absolute path) after setting the working directory to the installation contextMenu folder, a privileged user who installs into an attacker-writable custom directory triggers execution of the attacker's binary. No public exploit has been identified at time of analysis; the issue is fixed in 8.9.6 and corresponds to CWE-426 (Untrusted Search Path).
Untrusted search path execution in OpenClaw before 2026.5.2 allows a local low-privileged user to coerce maintenance task routines into invoking attacker-controlled executables in place of the intended trash command. By manipulating workspace-derived environment paths consumed during maintenance operations, an authenticated user can hijack command resolution and run arbitrary binaries in the OpenClaw process context. No public exploit identified at time of analysis, but VulnCheck has published a dedicated advisory describing the workspace-derived service path abuse.
Untrusted search path in OpenClaw before 2026.5.2 allows local attackers who can influence a workspace .env file to redirect bundled runtime dependency loading to attacker-controlled paths, resulting in arbitrary code execution during dependency resolution. The STATE_DIRECTORY environment variable is not validated before being used to anchor runtime dependency roots, so a poisoned workspace can execute code in the context of a user who opens it. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Untrusted search path in OpenClaw versions prior to 2026.4.29 lets workspace-local .env files override the npm_execpath variable consulted by the install helper, redirecting bundled dependency installation to an attacker-controlled package-manager binary. An attacker who can place files in the workspace can hijack the runtime dependency setup step to compromise the build environment under the developer's identity, with no public exploit identified at time of analysis.
CAI Content Credentials is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
Illustrator is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
Arbitrary code execution in Adobe Animate 2023 and 2024 arises from an untrusted search path (CWE-426) flaw that lets a malicious file, when opened by a victim, load attacker-controlled code in the context of the current user. The issue was reported by Adobe (advisory APSB26-83), requires user interaction, and carries a CVSS 3.1 base score of 7.9 with a changed scope. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Untrusted search path in Microsoft XML allows an unauthorized attacker to bypass a security feature with a physical attack.
Local privilege escalation in Siemens' IAM Client SDK, a shared authentication component bundled across a wide range of Siemens engineering and PLM products (Solid Edge, Teamcenter Visualization, Simcenter, Tecnomatix, COMOS, Designcenter NX), allows an authenticated local user to load attacker-controlled code through an untrusted search path (CWE-426) and gain elevated privileges. The flaw carries a CVSS 4.0 base score of 8.5 and requires only low local privileges with no user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Local privilege/code manipulation in B&R Industrial Automation's APROL process control system (all versions before R 4.4-01P5) arises from an untrusted search path (CWE-426), allowing a low-privileged local user to plant a malicious executable or library that the application loads from an attacker-influenced directory. Successful exploitation yields high confidentiality and integrity impact on the affected engineering/operator station. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the CVSS 4.0 base score is 8.4 (High).
Local privilege escalation in the Notepad++ Windows installer (versions 8.9.4 through 8.9.5) lets an unprivileged local attacker gain the elevated privileges of the installer by planting a malicious powershell.exe. Because the installer calls powershell.exe by name (not absolute path) after setting the working directory to the installation contextMenu folder, a privileged user who installs into an attacker-writable custom directory triggers execution of the attacker's binary. No public exploit has been identified at time of analysis; the issue is fixed in 8.9.6 and corresponds to CWE-426 (Untrusted Search Path).
Untrusted search path execution in OpenClaw before 2026.5.2 allows a local low-privileged user to coerce maintenance task routines into invoking attacker-controlled executables in place of the intended trash command. By manipulating workspace-derived environment paths consumed during maintenance operations, an authenticated user can hijack command resolution and run arbitrary binaries in the OpenClaw process context. No public exploit identified at time of analysis, but VulnCheck has published a dedicated advisory describing the workspace-derived service path abuse.
Untrusted search path in OpenClaw before 2026.5.2 allows local attackers who can influence a workspace .env file to redirect bundled runtime dependency loading to attacker-controlled paths, resulting in arbitrary code execution during dependency resolution. The STATE_DIRECTORY environment variable is not validated before being used to anchor runtime dependency roots, so a poisoned workspace can execute code in the context of a user who opens it. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Untrusted search path in OpenClaw versions prior to 2026.4.29 lets workspace-local .env files override the npm_execpath variable consulted by the install helper, redirecting bundled dependency installation to an attacker-controlled package-manager binary. An attacker who can place files in the workspace can hijack the runtime dependency setup step to compromise the build environment under the developer's identity, with no public exploit identified at time of analysis.